Elasticsearch is a free, open-source search and analytics engine that powers the ELK Stack. Data pipelines built with tools such as Logstash collect and aggregate the data. Elasticsearch then stores that data, allowing applications to access, search, sort, and filter large amounts of it in near real-time. Elasticsearch also enables you to visualize the various data using built-in tools.
Such features make Elasticsearch highly suitable for searching and sorting extensive amounts of data with minimal to no latency. So, whether you are creating a search engine or analyzing logs, metrics, and other text data, Elasticsearch is a great choice.
At the heart of Elasticsearch is the index. An index is the unit responsible for storing documents in Elasticsearch. It is roughly equivalent to a database in the context of relational databases. For example, you can have an index that holds all the data for the logs of a web application.
Like all databases, you may encounter a scenario where you need to remove all the data from your cluster, allowing you to start with a clean slate.
This article shows you how to use the Elasticsearch API features to remove all the indexes from your cluster.
CAUTION: The methods and techniques used in this article will lead to data loss. We do not hold responsibility for any data loss that may occur due to the instructions in this article.
Elasticsearch Delete Index API
If you are just starting with Elasticsearch, you will need to know how to perform the basic API calls, because Elasticsearch relies heavily on its APIs.
As you can guess, we use the Delete Index API to remove an index from a cluster. The syntax for the index delete requests is as shown:
The request removes the specified index and the stored documents, shards, and all its metadata.
Keep in mind that this will not remove any Kibana components associated with the specified index, such as data views.
You can specify a single or multiple indices by separating them with commas. An example syntax is as shown:
DELETE /index1,index2,index3…indexN
Elasticsearch prevents you from using an index alias when deleting an index. Instead, you are required to use the index name.
Example 1: Elasticsearch Delete Index
The following example shows how to use the Elasticsearch delete index API to remove an existing index from the cluster:
The previous request sends a DELETE request to the delete API. This should remove the index with the name “kibana_sample_data_logs”.
The resulting output is as shown:
{
  "acknowledged": true
}
Example 2: Elasticsearch Delete Multiple Indices
We can remove multiple indices by passing them as a comma-separated list. An example query is as shown:
The previous command deletes the specified indices and returns a message as shown:
{
  "acknowledged": true
}
Note: If the index does not exist, Elasticsearch returns an error as shown:
Example 3: Elasticsearch Delete All Indices
We can use the _all wildcard in the delete index API to remove all the indices from a cluster. By default, the delete index API prevents you from passing wildcards in the request.
You can disable this protection by setting action.destructive_requires_name to false.
The following query shows you how to enable the use of wildcards in the delete index API:
PUT /_cluster/settings
{
  "transient": {
    "action.destructive_requires_name": false
  }
}
NOTE: Although Elasticsearch does not recommend the use of transient cluster settings, avoid setting destructive cluster parameters, such as the use of wildcards, as a persistent cluster setting.
The previous query should return the result as:
{
  "acknowledged": true,
  "persistent": {},
  "transient": {
    "action": {
      "destructive_requires_name": "false"
    }
  }
}
Once successful, you can remove all the indices in the cluster by running the following command:
Example 4: Elasticsearch Delete All Indices That Match Specific Names
If you wish to remove all the indices that match a specific pattern, you can use a wildcard character (*).
For example, to remove all the indices starting with the name kibana, we can run the following query:
The previous request removes all the indices starting with kibana.
NOTE: The previous request requires the use of wildcards. Hence, you must enable the wildcard support as shown in the previous section.
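The following is an added example, not code from the original article: a local dry run for Examples 3 and 4 that lists which indices an expression would hit and the REST calls involved, including resetting action.destructive_requires_name afterwards. The function names and the sample index list are hypothetical, and the matching is a simplified model that ignores aliases, hidden indices, and exclusion patterns.

```python
import re

GUARD = "action.destructive_requires_name"
SETTINGS = "/_cluster/settings"

def _matches(pattern, name):
    """Match an index name against a pattern where only '*' is special."""
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def needs_guard_off(expr):
    """True if the expression uses _all or '*', which the guard rejects."""
    return any(p == "_all" or "*" in p for p in expr.split(","))

def resolve(expr, indices):
    """Expand a comma-separated expression against known index names."""
    hit = []
    for part in expr.split(","):
        pattern = "*" if part == "_all" else part
        matched = [i for i in indices if _matches(pattern, i)]
        if not matched and "*" not in pattern:
            raise LookupError(f"no such index: {part}")
        hit += [i for i in matched if i not in hit]
    return hit

def plan_delete(expr, indices, guard_enabled=True):
    """Return (targets, requests) so the delete can be reviewed before sending."""
    targets = resolve(expr, indices)
    delete = ("DELETE", "/" + expr, None)
    if not (guard_enabled and needs_guard_off(expr)):
        return targets, [delete]
    return targets, [
        ("PUT", SETTINGS, {"transient": {GUARD: False}}),
        delete,
        # Assigning null (None) resets the setting to its default afterwards.
        ("PUT", SETTINGS, {"transient": {GUARD: None}}),
    ]

# Constructed sample, in the shape of GET /_cat/indices?h=index output.
SAMPLE = ["kibana_sample_data_logs", "kibana_sample_data_flights", "app-logs-2024"]

if __name__ == "__main__":
    targets, requests = plan_delete("kibana*", SAMPLE)
    print("would delete:", targets)
    for method, path, body in requests:
        print(method, path, body if body is not None else "")
```

Reviewing the target list before sending the DELETE shows when a pattern such as kibana* is broader than intended, and the final PUT keeps the wildcard guard from staying disabled.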
Conclusion
This guide taught you how to use the Elasticsearch delete index API. You also learned how to enable the wildcard support in your cluster, remove all the indices and remove the indices that match a specific pattern.